Security Truth Table
The following sample procedure and truth table summarize the logic flow of security processing for provisioning requests in Microsoft® Provisioning Framework (MPF).
| Value of @impersonate | Basic Authentication Credential securityContext | "Execute as" User on Procedure 2 | Value of @Impersonate | Result |
|---|---|---|---|---|
| 0 | Irrelevant (not used even if specified) | Irrelevant (not used even if specified) | 0 | MPFServiceAcct |
| 1 | Basic authentication user | NULL | 0 | Basic authentication user |
| 1 | NULL | NULL | 0 | Calling user |
| 2 | Irrelevant (not used even if specified) | Not used | 0 | MPFServiceAcct |
| Not specified | Basic authentication user | NULL | 1 | Basic authentication user |
| Not specified | NULL | NULL | 1 | Calling user |
| Not specified | Irrelevant (not used even if specified) | Irrelevant (not used even if specified) | 2 | MPFServiceAcct |
| 1 | Irrelevant (not used even if specified) | "Execute as" user | 0 | "Execute as" user |
| Not specified | Irrelevant (not used even if specified) | "Execute as" user | 1 | "Execute as" user |
The table's Result column lists the account under which MPF would run Procedure 3 in the following example, given various combinations of @impersonate, "execute as" credentials, and a basic authentication credential in the request passed to procedure 1.
<namespace name="namespace1"> <procedure name="Procedure1"> <execute procedure="Procedure2" namespace="Namespace1" impersonate="0" /><!—column 1--> </procedure> <procedure name="Procedure2" > <execute procedure="Procedure3" namespace="Namespace2" impersonate="0"><!—column 2--> </procedure> </namespace>
See Also
Basic Authentication, Data Encryption, Provisioning Schema
Top
of Page
© 1999-2002
Microsoft Corporation. All rights reserved.